The Trojan has several standout techniques and procedures, such as the ability to spread over a network and the ability to monitor a browser’s activity by setting up a local proxy for traffic tunneling. Similar to the TrickBot and Dridex Trojans, IcedID uses both web injection and redirection attack techniques.
IcedID is being distributed by the Emotet Trojan, which is used as a dropper to put IcedID on targeted systems. Emotet is known for its spam campaigns, designed to look like messages from banks, which contain malicious .zip archives.
According to X-Force, IcedID requires a reboot to complete its full deployment. The reboot also serves as a way to attempt to evade analysis by sandboxes that do not emulate rebooting.